<?
session_start();
include 'functions.php';
include 'connect.php';

$output = json_encode(array("status"=>"error", "message"=>"NO"));

$specId = mysql_real_escape_string($_POST['specId']);
$action = mysql_real_escape_string($_POST['action']);

if(isset($_SESSION['password']) && isset($_SESSION['email']) && isset($_SESSION['userId']) && isset($_POST['specId']) && isset($_POST['action'])){

	$password = mysql_real_escape_string($_SESSION['password']);
	$email = mysql_real_escape_string($_SESSION['email']);
	
	$validate = checkUser($email, $password, 1);
	
	if($validate == 1){

		$abfrage = "
			UPDATE ffxivc_specs SET public = '".$action."'
			WHERE specId = \"".$specId."\"";
		$res = mysql_query($abfrage);
			
		if ($res){
			$output = json_encode(array("status"=>"success", "message"=>"CHANGED"));
		}
	}
}

echo $output; 

?>